June 22, 2010

Privacy Seals - How Useful Are They?

Recently, I've been considering whether to get a privacy seal for my start-up.  A privacy seal (which is a species of a trust seal) is a certification offered by a private company that essentially confirms that a website's privacy policies and other documents/features after testing your privacy policies comply with US law, EU safe harbor, COPPA, etc.

Cost.
Of course, the first thing to consider (putting on my business hat) is how much does it cost and what is the return?

For a young start-up, the cost of a basic seal (certifying just the privacy policy) is around $1000.  Then, if you start adding services (dispute resolution with customers), certification of Safe Harbor compliance or certification on other features (emails, applications), the cost goes up and can quickly reach $5,000.

In fact, the pricing model of most of the (very few) companies offering privacy seals is based on the amount of revenue generated by the website - the higher the revenues, the higher the cost.  So, if a company has revenues of, let's say, $5 million - the cost of the certification will be about $10,000.  So, relatively speaking, it is not so expensive.

Legal Value.
The seal is just a nice stamp on the website and does not have any specific legal value.  It may represent a good marketing tool, but before starting to pay money for the certification I would consider many different things to assess the potential return.  Moreover, it is important to consider the quality of the company making the certification.

Recently, certification company ControlScan was the subject of charges brought by the FTC for misleading consumers regarding the significance of a ControlScan certification seal.  Theoretically, the companies who used ControlScan certifications could also be subject to suits over this issue.  Obviously, no one is interested in buying a litigation risk.  So, before shelling out the money for a certification, it is advisable to double-check the company doing the certification.


Best Practices.
A good reason to consider having a privacy seal is that many of the major Internet companies have it.  It may be especially helpful to have such a seal in the area of privacy law (where the interpretation is not always straightforward and enforcement is uncertain).  It is always a good idea to be in line with the best practices in the industry.  Theoretically, this could provide a defense against some kinds of litigation.


Return.
Of course, improving the website reputation and bolstering users' trust is a revenue driver... yet, before getting too excited, I think it is necessary to consider the specific nature of the services offered by the site and the dynamic of the user base.  For instance, I believe the seal may be more important for an e-commerce site and less important for an search engine or a general portal.

Also, it is very important to understand the meaning/reputation that the privacy seal may have in the specific users' community.  For instance, I believe that certain seals may be more reputable than others in certain jurisdictions while, in some communities, the seals (and privacy issues in general) may not have sufficient relevance to justify the expense.

Additionally, some services may use other tools to enhance users' trust and consumer reliance.  For instance, in B2B services, the reputation of the company and the existence of a close relationship very likely supersede the value of a third party seal.


My call.
For my start-up, I think it is not worth the money. The nature of the service provided, the business model, and the close relationship with users weigh against getting a privacy seal.

On the other hand, moving forward as revenues increase, the cost of the seal may become marginal and it might not hurt to get it.